From 61aad8cda475a07d579a85f209696d1ff8fd3e84 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Tue, 2 Apr 2019 19:20:43 +0200
Subject: [PATCH] shared: better implement compat version of explicit_bzero()

If we don't have explicit_bzero(), try a bit harder and use a volatile pointer. This is also what libsecret's egg_secure_clear() does [1]. However, for us this is less important, because commonly we expect glibc to provide a useable explicit_bzero(). [1] https://gitlab.gnome.org/GNOME/libsecret/blob/b5442654d483e959ac9ecd3a3fb9eebc8d9d8399/egg/egg-secure-memory.c#L1352
---
 shared/nm-utils/nm-secret-utils.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/shared/nm-utils/nm-secret-utils.c b/shared/nm-utils/nm-secret-utils.c
index ec5cc6b1b3..81f8b5aeef 100644
--- a/shared/nm-utils/nm-secret-utils.c
+++ b/shared/nm-utils/nm-secret-utils.c
@@ -30,15 +30,22 @@ void
 nm_explicit_bzero (void *s, gsize n)
 {
 /* gracefully handle n == 0. This is important, callers rely on it. */
- if (n > 0) {
- nm_assert (s);
+ if (n == 0)
+ return;
+
+ nm_assert (s);
+
 #if defined (HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
- explicit_bzero (s, n);
+ explicit_bzero (s, n);
 #else
- /* don't bother with a workaround. Use a reasonable glibc. */
- memset (s, 0, n);
-#endif
+ {
+ volatile guint8 *p = s;
+
+ memset (s, '\0', n);
+ while (n-- > 0)
+ *(p++) = '\0';
 }
+#endif
 }
 
 /*****************************************************************************/
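Review bot: In the `#else` fallback the plain `memset (s, '\0', n)` adds nothing to the guarantee, because it is an ordinary store that an optimizer may still drop as dead; only the writes through `volatile guint8 *p` in the loop that follows are what the compiler has to keep, so the buffer is simply cleared twice. The old comment explaining the fallback was removed and nothing replaces it, so I would either drop the memset or state the intent above the block, e.g. `/* no explicit_bzero(): the volatile stores below are what must survive optimization; memset() alone may be elided */`. It would also help to note there that this path clears only the buffer passed in and is a best-effort substitute for the libc primitive, so builds on platforms where `HAVE_DECL_EXPLICIT_BZERO` is unset are worth checking in the generated code.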